Like most folks, I heard of multicast but never configured it. That changed back in 2006 when we deployed music on hold over multicast for our Cisco voice infrastructure and also installed VBrick IP television which required multicast. I did the research and created a PIM sparse mode design based on the Cisco Solution Reference Network Design for campus networks.
We used anycast rendezvous points (RP) peered with Multicast Source Discovery Protocol (MSDP). We used a site local multicast scope and properly filtered on the edge. We peered with the multicast RPs in our headquarters site and passed organization local scope groups. Overall, we had a pretty robust, fault tolerant multicast design.
I did more multicast work at my next client through 2011 including dense-mode and simplified multicast forwarding (SMF), custom code for Internet Group Management Protocol (IGMP) joins for multicast on mobile ad-hoc networks (MANET) and lots of other unique designs.
Of course, this was all on IPv4.
Multicast for IPv6 is a different beast and although I haven't seen a requirement to deploy it for a client yet, I wanted to do some testing to get up to speed before the need manifests. I was fortunate to attend the Cisco IPv6 Fundamentals, Design and Deployment class last week. Although much was review for me given my hands-on IPv6 experience over the last 4 years, the multicast module and lab was very informative.
I understood my IPv4 multicast reference design would not map to IPv6. While IPv6 supports anycast RP, there is no MSDP for IPv6. Some (very basic) background:
-
In a Protocol Independent Multicast Sparse-Mode (PIM-SM) design, multicast sources send their multicast streams to the Rendezvous Point (RP). Multicast listeners are directed to the RP to make the connection and start receiving traffic. To make the design redundant and fault tolerant, we use anycast RP. Anycast is the practice of configuring the same unicast address on multiple devices. Traffic is routed towards the closest instance of the address based on routing protocol metrics. This of course can result in multicast sources sending traffic to one anycast RP instance and multicast listeners being routed to a different anycast RP instance. No connection would be made in this case.
To overcome this issue, we use Multicast Source Discovery Protocol (MSDP) to peer the anycast RPs so they share information about the multicast sources. This way, no matter which instance of the anycast RP a listener connects to, it will be able to establish the stream from the multicast source and start receiving traffic.
With the above explanation, the absence of MSDP in IPv6 is a problem with an anycast RP design. Foregoing anycast RP and just using a single RP does not provide fault tolerance should the RP go down. What to do?
RFC 4610 addresses this issue and Cisco implements it in IOS 15 and other flavors like XE. However, I learned in class that Cisco had another approach they called "Anycast RP with prefix arbitration".
The concept is simple using standard routing rules of longest match prefix. Simply configure the anycast address on multiple devices with different masks. Instead of equal cost multipath routing in redundant environments, all traffic will be routed to the anycast instance with the longest prefix (anycast RP primary). Should that RP go down, all traffic will be routed to the anycast instance with the second longest prefix (anycast RP secondary), and so on (anycast RP tertiary ...). This is very similar to "floating static routes"; static routes with a manually configured admin distance to bring up a BRI interface when the primary frame-relay goes down (remember 1990's).
- Configure primary anycast RP with longest prefix
- Configure secondary anycast RP with second longest prefix
- Configure tertiary anycast RP with third longest prefix
- And so on ...
- Advertise the anycast network from each device via routing protocol
This eliminates the need for MSDP to peer the anycast RPs since all traffic - both sources and listeners - will be routed to the same anycast RP instance. Or will it?
Consider an instance where multicast sources and / or listeners are directly connected to the devices which host the primary and secondary anycast RPs. Connected routes override any longest prefix match since they are connected. So there is a possibility where listeners won't be able to find sources. And that's what happened to me when I finished the documented multicast lab and decided to test this design.
The lab was only two routers with a client connected off each, so it's pretty obvious why it failed. I decided to test a more real-world scenario. Consider the following:
The relevant configurations:
C1#show run interface Loopback0 interface Loopback0 description Anycast RP (Primary) no ip address ipv6 address 2001:DB8:AFE:FE00::1/120 ipv6 enable ipv6 eigrp 1 end C2#show run interface Loopback0 interface Loopback0 description Anycast RP (Secondary) no ip address ipv6 address 2001:DB8:AFE:FE00::1/119 ipv6 enable ipv6 eigrp 1 end
With anycast RP primary configured on C1 (/120 mask) and the anycast RP secondary configured on C2 (/119 mask), we expect all traffic to be routed to C1. Indeed it is from both D1 and D2:
D1#show ipv6 route 2001:db8:afe:fe00::1 Routing entry for 2001:DB8:AFE:FE00::/120 Known via "eigrp 1", distance 90, metric 156160, type internal Route count is 1/1, share count 0 Routing paths: FE80::C804:11FF:FE44:1C, FastEthernet1/0 Last updated 00:00:12 ago D2#show ipv6 route 2001:DB8:AFE:FE00::1 Routing entry for 2001:DB8:AFE:FE00::/120 Known via "eigrp 1", distance 90, metric 156160, type internal Route count is 1/1, share count 0 Routing paths: FE80::C804:11FF:FE44:1D, FastEthernet1/0 Last updated 00:03:05 ago
"FastEthernet1/0" is the telltale that D1 and D2 will send their traffic for the anycast RP to C1 (see diagram above). When we shutdown the Loopback0 interface (anycast RP primary) on C1, traffic fails over:
D1#show ipv6 route 2001:db8:afe:fe00::1 Routing entry for 2001:DB8:AFE:FE00::/119 Known via "eigrp 1", distance 90, metric 156160, type internal Route count is 1/1, share count 0 Routing paths: FE80::C805:11FF:FE44:1C, FastEthernet1/1 Last updated 00:03:25 ago D2#show ipv6 route 2001:DB8:AFE:FE00::1 Routing entry for 2001:DB8:AFE:FE00::/119 Known via "eigrp 1", distance 90, metric 156160, type internal Route count is 1/1, share count 0 Routing paths: FE80::C805:11FF:FE44:1D, FastEthernet1/1 Last updated 00:03:27 ago
So the solution works! But what routes do C1 and C2 see? When operating in steady state (each anycast RP interface on C1 and C2 is up), all routing doesn't point to C1:
C1#show ipv6 route 2001:DB8:AFE:FE00::1 Routing entry for 2001:DB8:AFE:FE00::1/128 Known via "connected", distance 0, metric 0, type receive Route count is 1/1, share count 0 Routing paths: receive via Loopback0 Last updated 00:00:28 ago C2#show ipv6 route 2001:DB8:AFE:FE00::1 Routing entry for 2001:DB8:AFE:FE00::1/128 Known via "connected", distance 0, metric 0, type receive Route count is 1/1, share count 0 Routing paths: receive via Loopback0 Last updated 00:19:13 ago
Notice C1 and C2 each see the anycast RP address as their local Loopback0 interface. In the case of C1, that's correct. In the case of C2, it's correct (according to routing rules), but not desired (according to our anycast RP with prefix arbitration design). There isn't a way to "fix" it as it isn't broken, it just highlights a design constraint on the "Anycast RP with prefix arbitration" design:
- Never directly connect multicast sources or listeners to a device acting as an anycast RP
This may not be a problem in the design I tested as most people won't connect end stations to the core layer. But consider collapsed core designs or instances where the RPs may be configured on distribution layer switches that connect servers which are multicast sources.
"Anycast RP with prefix arbitration" is a pretty easy, straight forward design, but like anything new, test first and understand the limitations.
No comments :
Post a Comment